Re: security risk about eggdrop

To: Tamas TEVESZ <ice@extreme.hu>
Cc: Juergen Nagler <Juergen.Nagler@student.uni-ulm.de>, debian-isp@lists.debian.org
Subject: Re: security risk about eggdrop
From: Joey Hess <joeyh@debian.org>
Date: Thu, 23 Dec 1999 22:04:12 -0500
Message-id: <[🔎] 19991223220412.A787@paper.kitenet.net>
In-reply-to: <Pine.LNX.3.96.991218110135.28407C-100000@mailtrans.sote.hu>; from ice@extreme.hu on Sat, Dec 18, 1999 at 11:03:46AM +0100
References: <385A5F76.39016568@student.uni-ulm.de> <Pine.LNX.3.96.991218110135.28407C-100000@mailtrans.sote.hu>

Tamas TEVESZ wrote:
> if you would, be sure to put it in a chrooted environment.
> (most eggdrops are poorly configured, ppl w/ rights +mn have access to
> .tcl commands, which means .tcl exec
> eggdrop/filesystem/incoming/myexploit)

Yuck. Debian actually has an eggdrop package -- how does it stack up; is it
vunerable to this?

-- 
see shy jo

Reply to:

Follow-Ups:
- Re: security risk about eggdrop
  - From: hypnos <hypnos@m-net.arbornet.org>

Prev by Date: Re: POP3 daemon selection
Next by Date: Re: POP3 daemon selection
Previous by thread: Re: POP3 daemon selection
Next by thread: Re: security risk about eggdrop
Index(es):
- Date
- Thread